Security threats develop and evolve with startling rapidity, with the attackers always seeking to stay one step ahead of the S&R professional. The agility of our aggressors is understandable; they do not have the same service-focused restrictions that most organizations have, and they seek to find and exploit individual weaknesses in the vast sea of interconnecting technology that is our computing infrastructure.

If we are to stand a chance of breaking even in this game, we have to learn our lessons and ensure that we don’t repeat the same mistakes over and over. Unfortunately, it is alarmingly common to see well known vulnerabilities and weakness being baked right in to new applications and systems – just as if the past 5 years had never happened!

A recent report released by Alex Hopkins of Context Information Security shines a light on the vulnerabilities they discovered while testing almost 600 pre-release web applications during 2011. The headlines for me were:

• On average, the number of issues discovered per application is on the rise.
• Two-thirds of web applications were affected by cross site scripting (XSS).
• Nearly one in five web applications were vulnerable to SQL injection.

It makes depressing reading, but I’m interested in why this situation is occurring:

• Are S&R professionals simply not educating and guiding application developers?
• Are application developers ignoring the training and education? Are we teaching them the wrong things or do we struggle to explain the threats from XSS and SQL injection?
• Are our internal testing regimes failing, allowing flawed code to reach release candidate stage?

Oracle Corporation announced its purchase of Taleo for $1.9 billion on Feb. 9, 2012, signaling a major shift in its stance on software-as-a-service (SaaS) and talent management applications. The transaction is expected to close midyear 2012, subject to regulatory and stockholder approvals.

Oracle has long held a “we can build it better” position on talent management, learning, and recruitment applications but struggled to compete with best-of-breed talent management vendors like SuccessFactors (recently acquired by rival SAP), Taleo, Kenexa, Cornerstone, and SumTotal Systems. Oracle has been reticent to offer these (or any other) applications via SaaS, preferring a licensed/on-premises business model that provides early revenue recognition versus the deferred revenue model of SaaS.

In fact, Oracle CEO Larry Ellison has been outspoken in his anti-SaaS stance in recent years, changing his posture somewhat with the Oracle Public Cloud announcement at last October’s Oracle OpenWorld conference. Meanwhile, the HR apps market shifted overwhelmingly to the SaaS (subscription-based) deployment model, which has become virtually ubiquitous in recruitment, learning, and talent management and is also growing in core HRMS via ADP, Ultimate Software, and Workday.

By acquiring Taleo, Oracle puts itself back in the game for SaaS recruiting and talent management. Taleo is a market leader in recruitment automation and has a competitive portfolio of products across performance, compensation, and learning management. The $1.9 billion deal price is more than six times Taleo’s 2011 annual revenues of $309 million, a high premium but substantially less than the $3.4 billion and 11-times revenues that SAP recently paid for SuccessFactors.

Less than a week ago, initial information became public that Misys and Temenos may intend to merge. On February 7, 2012, a press release stated that “Temenos and Misys today confirm that they have reached agreement in principle on certain key terms and are in continuing discussions regarding a possible all share merger of the two groups.“ Now Misys and Temenos have about one month to finalize their merger — or abandon it. It is obvious that this merger has the ingredients to become one of the most significant mergers in the banking industry in the past few years. With the probability of the merger now sufficiently high, here is my initial take.

There are two obvious reasons for this potential endeavor of Temenos and Misys (let’s call the combined company MIsys-TemeNOS [“MiNos”] for the time being to avoid terms such as “new company” or “NewCo”):

• A broader and deeper product portfolio for banking and capital markets. While Temenos has been a Global Power Seller in Forrester’s global banking platform deals survey for years, Temenos has so far struggled to win a large number of major banks as customers for its banking platform. The combined portfolio could make “MiNos” more attractive for larger as well as smaller potential customers — with an even broader set of point solutions as well as integrated apps offerings such as banking platforms.

I've been testing the MacBook Air for five months now. I use it for work and for home. At work, I run our corporate image Windows XP with the attendant applications and security software in a Parallels virtual machine. At home, I run the Mac side. After a few hiccups with the security software going haywire in our corporate image (thanks to the Parallels support team and to our own IT client and network security team for help), it's been a great experience.

I don't need to wax poetic about just how good the MacBook Air itself is. Plenty of testers have already explained just what makes the MacBook Air the ultra ultabook. See Engadget, CNET, Fortune. (And of course ultrabooks were all the rage at CES this year, see HP's showcased by Serena in Gossip Girl and Dell's XPS 13.)

But I do need to describe my experience with this travel-friendly, totally modern, and practical combination of hardware and software. I'll then also point out some things that are still challenging in using the MacBook Air in a Windows-centric business world. First, the experience in four bullets: